Connectivity Requirements
Overview
Full details of all required network/firewall rules for AppsAnywhere are detailed below.
Further information is available by request to AppsAnywhere Support or as part of an AppsAnywhere Implementation.
For Parallels RAS, please refer to Parallels RAS 19 Administrator's Guide - Port reference.
Firewall Rules
The following tables detail the connectivity required, grouped according to the origin of the network traffic.
All traffic is bi-directional
Internal Destinations should be amended to match internal servers and services.
There is no requirement to configure firewall rules on AppsAnywhere servers.
AppsAnywhere
Inbound Traffic (Internal and External)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Client Devices | 443 TCP | User access to AppsAnywhere (e.g. via a load balancer) |
Inbound Traffic (Internal)
It is recommended that access for Analytics users is provisioned on an internal network only.
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Client Devices | 9999 TCP | User access to Analytics A direct connection to the server DNS is recommended Retrieving content to be embedded into AppsAnywhere Analytics user interface and is required from all Analytics Viewer/Explorer (end user) devices (note: this is only the named Analytics Viewers/Explorers users and not all users of AppsAnywhere). It is recommended that access is only available on the internal network. | |
AppsAnywhere | 19999 TCP | Authorizing sessions for AppsAnywhere Analytics and pulling data on behalf of AppsAnywhere Analytics UI and is only required from the AppsAnywhere Servers | |
AppsAnywhere01 | 80 TCP | Transfer of AppsAnywhere Client installers from other internal AppsAnywhere servers | |
AppsAnywhere01 | 80 TCP | Transfer of AppsAnywhere Client installers from other internal AppsAnywhere servers | |
AppsAnywhere01 | 22 TCP | Transfer of AppsAnywhere Configuration from other internal AppsAnywhere servers | |
AppsAnywhere01 | 22 TCP | Transfer of AppsAnywhere Configuration from other internal AppsAnywhere servers | |
Jump Host | 22 TCP | SSH access for administration (usually via a Windows jump host) | |
Jump Host | 22 TCP | SSH access for administration (usually via a Windows jump host) | |
Jump Host | 22 TCP | SSH access for administration (usually via a Windows jump host) | |
Jump Host | 22 TCP | AppsAnywhere remote support for installation, configuration and upgrades |
Outbound Traffic (Internal)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
AppsAnywhere | 1433 TCP | Connection to your SQL database | |
AppsAnywhere | 1434 UDP | Connection to your SQL database, if using dynamic ports | |
AppsAnywhere | 636 TCP | Connection via LDAPS to Active Directory | |
AppsAnywhere | 88 UDP | Connection via Kerberos to Active Directory | |
AppsAnywhere02 | 80 TCP | Transfer of AppsAnywhere Client installers to other internal AppsAnywhere servers | |
AppsAnywhere03 | 80 TCP | Transfer of AppsAnywhere Client installers to other internal AppsAnywhere servers | |
AppsAnywhere | 443 TCP | Connection to your Cloudpaging service (if applicable) | |
AppsAnywhere | 443 TCP | Connection to the Parallels RAS service (if applicable) | |
AppsAnywhere | 19999 TCP | Connection to the Analytics Appliance | |
AppsAnywhere | 445 TCP | AppsAnywhere Service access to the Secure Download UNC path | |
Analytics | 1433 TCP | Connection to the SQL database | |
Analytics | 1433 UDP | Connection to the SQL database |
Outbound Traffic (External)
Source | Port | Usage |
|---|---|---|
AppsAnywhere | 123 UDP | CentOS (Chrony) Time Service |
AppsAnywhere | 80 TCP | Icon Library and CentOS updates |
AppsAnywhere | 443 TCP | APIs, libraries and CentOS updates |
AppsAnywhere | 587 TCP | Expiration notifications sent to Admin Email Addresses |
Analytics | 123 UDP | CentOS (Chrony) Time Service |
Analytics | 443 TCP | Appliance ACC, Daily License Check and CentOS updates |
Analytics | 80 TCP | CentOS updates |
Analytics | 587 TCP |
External Destinations
The following table provides detailed information for all the outbound destinations that AppsAnywhere requires access to during normal operation.
Source | External Destination | Port | Usage |
|---|---|---|---|
AppsAnywhere | 0.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
AppsAnywhere | 1.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
AppsAnywhere | 2.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
AppsAnywhere | 3.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
AppsAnywhere | api.appsanywhere.com | 80 TCP | Icon Library |
AppsAnywhere | api.software2.com | 443 TCP | AppsAnywhere Server Registration |
AppsAnywhere | b12228822d08f4925072-e23aef5ecad0f6168507017a4f5869f1.ssl.cf3.rackcdn.com | 443 TCP | AppsAnywhere Icon Library |
AppsAnywhere |
Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrorlist.centos.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the CentOS mirror list. | 80 TCP | CentOS Update Repository |
AppsAnywhere |
Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from rpms.remirepo.net and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Remi mirror list. | 80 TCP | CentOS Update Repository |
AppsAnywhere |
Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrors.fedoraproject.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Fedora mirror list. | 443 TCP | CentOS Update Repository |
AppsAnywhere | rpms.remirepo.net | 443 TCP | CentOS Update Repository |
AppsAnywhere | packages.microsoft.com | 443 TCP | CentOS Update Repository |
AppsAnywhere | rpm.nodesource.com ADDED 2.11 | 443 TCP | Node.js Update Repository |
AppsAnywhere | appsanywhereresources.blob.core.windows.net | 443 TCP | Appliance Configuration Console |
AppsAnywhere | 1bdb4cc9b0722bc205a377fabbc4511a62a47f7610ad5c7c4e62.ssl.cf3.rackcdn.com | 443 TCP | Client Management |
AppsAnywhere | *.s2public.blob.core.windows.net | 443 TCP | Client Management |
AppsAnywhere | software2-public.azureedge.net | 443 TCP | Patch Management |
AppsAnywhere | ajax.googleapis.com | 443 TCP | jQuery & Google Fonts |
AppsAnywhere | github.com | 443 TCP | Other AppsAnywhere libraries |
AppsAnywhere | smtp.sendgrid.net | 587 TCP | Email alerts via SMTP |
Analytics Server | 0.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | 1.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | 2.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | 3.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | mirrorlist.centos.org | 80 TCP | CentOS Update Repository |
Analytics Server | cdn.remirepo.net | 80 TCP | CentOS Update Repository |
Analytics Server | rpms.remirepo.net | 443 TCP | CentOS Update Repository |
AppsAnywhere | mirrors.fedoraproject.org | 443 TCP | CentOS Update Repository |
Analytics Server | s2public.blob.core.windows.net | 443 TCP | ACC Updates |
Analytics Server | software2-public.azureedge.net | 443 TCP | ACC Updates |
Analytics Server | bitbucket.org | 443 TCP | Analytics model and ML updates used by reports and the reporting schema |
Analytics Server | license.looker.com | 443 TCP | Daily heartbeat to licensing server |
Analytics Server | smtp.sendgrid.net | 587 TCP | Email alerts via SMTP |
Cloudpaging
Inbound Traffic (Internal and External)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Client Devices | paging01.uni.edu | 80 TCP | User access to the Paging Service |
Inbound Traffic (Internal)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
AppsAnywhere | cloudpaging01.uni.edu | 443 TCP | AppsAnywhere access to the Cloudpaging Admin Service via a load balancer |
Parallels RAS
For Parallels RAS, please refer to Parallels RAS 19 Administrator's Guide - Port reference.